Netflix’s Janitor Monkey provides for a statically defined set of
rules in code, many of which are overly specific to Netflix’s use
cases. It also utilizes legacy technology for state management in the
form of SimpleDB. On the other hand, Custodian allows users to define policies
and rules to enforce within a yaml configuration file, and, due to its stateless nature it can be deployed on a laptop, server, or lambda.

Netflix’s Security Monkey is a more interesting tool that provides for some
basic audit capabilities. It’s worth investigating, but it’s not clear that
there is much overlap between Cloud Custodian and Security Monkey as they are targeted
to different use cases.